Safe Handling of eScript Tokens - Online Prescription Australia

Key Takeaways

• eScript tokens are key to accessing your medication, but they require careful handling to avoid fraud and unauthorised access.
• Follow safe device security practices, including enabling screen locks and using secure apps for storing tokens.
• Accidental sharing is a significant risk; avoid posting tokens online or sharing them in unsecure environments.
• If a token is lost or compromised, immediately inform your doctor and request that the token be deactivated.
• Always verify the recipient when forwarding tokens to ensure proper delivery.

Your eScript token is more than just a barcode in today's Australian healthcare system; it's the secure 'key' that allows access to your medication. Unlike paper prescriptions, which can be easily lost, torn, or destroyed, electronic tokens are safeguarded within a national system, ensuring reliable access even if your phone is misplaced or an SMS is deleted.

However, their digital nature demands vigilant security practices to guard against fraud, unauthorised access, and privacy risks. Do not share token screenshots or QR codes publicly, as this can help maintain this protection. Visit the eScript and Prescription Access hub for all the information about your prescription and telehealth consultation.

This guide provides clear, practical safety measures for managing your tokens effectively, keeping your prescriptions secure while prioritising your privacy and peace of mind.

Reasons for Token Safety

Although the system is protected by strong encryption, the eScript token on your phone requires careful handling to prevent unauthorised access.

• Fraud prevention: A token is a password. If someone unauthorised gains possession of your token, they could use it for fraudulent purposes.
• Data privacy: Tokens do not reveal your clinical diagnosis; however, they remain linked to your Identity Verification before eScript records are created.
• Controlled access: Keeping your tokens safe means that nobody except you, your Nominated Pharmacy, and your trusted carers can have access to your medication schedule.

Safe Keeping of Tokens in Your Device

Your smartphone acts as the primary secure vault for your digital prescriptions. In most cases, simply restricting access to your device offers strong physical protection against unauthorised attempts to retrieve your tokens.

Patients from different states can access our online doctor in Melbourne and online doctor in Newcastle services.

Device Security Habits

• Enable Screen Locks: Use biometrics like Face ID or Touch ID, or set a strong PIN. This ensures that even if your phone is stolen, a thief cannot easily access your tokens.
• Disable SMS Previews: Adjust your phone settings to prevent message content from displaying on your locked screen. This stops anyone from glimpsing sensitive token details at a glance.
• Use a Script Wallet App: Avoid cluttered SMS threads by storing tokens in compliant apps like 1800MEDICARE or ScriptSafe. These provide password-protected access to your medication-tracking privacy settings.
• Avoid Open Screenshots: If you must store screenshots, use features like 'Secure Folder' or 'Hidden Album' on your device.

Consider reviewing our Privacy Rules for Storing Prescription Data to see how these device-level protections align with national privacy laws and standards.

Stop Unintentional Sharing

The greatest risk to token security often arises from unintentional sharing. eScript Tokens can be forwarded without duplication, making them vulnerable if handled carelessly.

Digital Practices to Avoid

• Social Media: Never post images of your eScript token online, even to ask a question or show a friend.
• Large Chat Groups: Steer clear of sharing in unencrypted group apps; use private one-on-one messages for carers instead.
• Shared Cloud Storage: Don't save unprotected screenshots in accessible folders like family-shared Dropbox; opt for restricted, encrypted options.

For guidance on sharing safely with family, refer to our article on digital prescription consent and sharing.

Lost Token Recovery Plan

If you lose your device or suspect unauthorised access to your token, deactivate the 'key' immediately.

Device Loss Follow-up Actions

• Inform your doctor immediately: Prime Medic can cancel the active script in the national system, preventing unauthorised use of the token, a process managed via digital record keeping for prescribers.
• Get the Token Reissued: The new token can be sent to your most recent email address or phone number after cancelling the old token.
• Pharmacist Dispensing Record: Your pharmacist can tell you whether a script has already been dispensed, which is an immediate sign of lost eScript recovery.

e-Script Confirmation Before Sending

You should always verify the recipient before sending eScripts to your pharmacy to ensure they are safe.

• Verify the phone number/email: Ensure the token is sent to the correct contact information for the pharmacy to avoid errors. Verify the contact information by checking the pharmacy's official website.
• Through Official Portals: When your pharmacy has a secure web portal for uploading scripts, use it instead of regular email to add an extra layer of Quality & Compliance.

For more information on national security standards for ePrescribing, visit the Australian Digital Health Agency Security and Privacy. For further advice on managing health information securely, visit Healthdirect Digital Health and Privacy.